URL Encode issue when running zest script, how to make it off

lakshmi

May 8, 2017, 8:01:24 AM
to OWASP ZAP User Group
URL Encode issue when running zest script

I have a parameter in the access URL like %3D (when the script was recorded, it gets the value %3D), and when I run the Zest script, it shows as %2525 (the URL has been encoded), whereas it should take only %3D.

Please suggest how to turn this off so that it is not encoded again in ZAP.

lakshmi

May 8, 2017, 8:45:03 AM
to OWASP ZAP User Group
When the Zest script was recorded: observe the last letters (%3)

When running the script: observe the last letters (in place of %3, it gets %253)

How can I disable this so that it will not encode?

lakshmi

May 10, 2017, 3:04:59 AM
to OWASP ZAP User Group
We have functionality to send the 'state' value encoded as 'ifQ%3D%3D' in the request. However, when the Zest script is run, it re-encodes it to 'ifQ%253D%253D'.

Please advise whether it is possible to restrict this and configure ZAP not to encode a particular parameter.

lakshmi

May 10, 2017, 3:45:08 AM
to OWASP ZAP User Group
Able to overcome the issue by using == in place of %3D%3D while sending the request.

thc...@gmail.com

May 10, 2017, 5:03:40 AM
to zaprox...@googlegroups.com
An issue has been raised to address that:
https://github.com/zaproxy/zaproxy/issues/3510

Best regards.

On 10/05/17 08:45, lakshmi wrote:
> Able to overcome the issue by re-placing == in place of %3D%3D while
> sending the request.
>
> On Wednesday, May 10, 2017 at 12:34:59 PM UTC+5:30, lakshmi wrote:
>>
>> we have functionality to send 'state' value as encoded 'ifQ%3D%3D
>> <https://beta-uat.xxxx/covers/login/callback?code=f94490251d0b3d40a5f3&state=RhLXVhdC50YXlsb3JxxxxmcmFuY2lzLmNvbS9ib29rcy8ifQ%3D%3D>'
>> in the request. However when run zest script, it re-encodes to '
>> ifQ%253D%253D
>> <https://beta-uat.xxxx/covers/login/callback?code=f94490251d0b3d40a5f3&state=RhLXVhdC50YXlsb3JxxxxmcmFuY2lzLmNvbS9ib29rcy8ifQ%3D%3D>

lakshmi

May 10, 2017, 5:15:45 AM
to OWASP ZAP User Group
Thank you.
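
The double encoding discussed in this thread, as an added example that is not part of the original posts and is not ZAP or Zest code: it shows how `ifQ%3D%3D` becomes `ifQ%253D%253D` when an already-encoded value is encoded again, an encode-once helper, and a check that flags double-encoded query parameters. The function names and the `app.example` URL are assumptions made for illustration.

```javascript
// Added example; helper names are hypothetical, sample values are constructed
// from the 'state' suffix quoted in the thread.

// Encoding a value that is already percent-encoded turns every "%" into "%25".
function naiveEncode(value) {
  return encodeURIComponent(value);
}

// True when the value has at least one %XX escape and no stray "%".
function isPercentEncoded(value) {
  if (!/%[0-9A-Fa-f]{2}/.test(value)) return false;
  return !/%(?![0-9A-Fa-f]{2})/.test(value);
}

// Encode exactly once. Heuristic: a raw value that literally contains text
// such as "%3D" is indistinguishable from an encoded one and is treated as
// already encoded, so the caller should know which form it holds when it can.
function encodeOnce(value) {
  if (isPercentEncoded(value)) {
    try {
      return encodeURIComponent(decodeURIComponent(value));
    } catch (e) {
      // Well-formed hex escapes that are not valid UTF-8: fall through and
      // treat the value as raw text.
    }
  }
  return encodeURIComponent(value);
}

// Return the names of query parameters whose value contains "%25" followed by
// two hex digits, the signature of a second encoding pass.
function findDoubleEncoded(url) {
  const query = url.split("#")[0].split("?")[1] || "";
  return query.split("&").filter(Boolean).map((pair) => {
    const i = pair.indexOf("=");
    return i < 0 ? [pair, ""] : [pair.slice(0, i), pair.slice(i + 1)];
  }).filter(([, v]) => /%25[0-9A-Fa-f]{2}/.test(v)).map(([name]) => name);
}

console.log(naiveEncode("ifQ%3D%3D")); // second pass over an encoded value
console.log(encodeOnce("ifQ%3D%3D"), encodeOnce("ifQ=="));
console.log(findDoubleEncoded(
  "https://app.example/callback?code=abc&state=ifQ%253D%253D"));
```

Supplying the raw `==` to a client that encodes every value gives the same single-encoded result, which matches the workaround reported above.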